tsubasa853 / owasp-esapi-php

Automatically exported from code.google.com/p/owasp-esapi-php
Other
0 stars 0 forks source link

Remove temporary Logging behaviours, which assist with debugging, before release. #29

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The following behaviours were put in place temporarily to assist with Codec
debugging:

DEBUG level events are currently prevented from being logged to file.  I
put this filter in place because of the CodecDebug output which can add
a substantial amount to log files.

CRLF are not stripped from the log entries at the moment because that
would make CodecDebug output difficult to read.

Log entries are being logged to both STDOUT (which means to the browser
too) and to the logfile.

Original issue reported on code.google.com by jahboite@gmail.com on 6 Mar 2010 at 12:07

GoogleCodeExporter commented 9 years ago
Comments from https://lists.owasp.org/pipermail/esapi-php/2010-March/000719.html

I'm not so happy with what I've done with Logger.  I'd like to revisit
the initialisation which performs the log4php setup which Java leaves to
config files and see if I can bring it in line with that.
Also, I have completely lost track of why I chose to use the Echo
appender instead of the Console appender - I think it was due to console
output being polluted by simpletest or something, but the echo appender
has to go - it prevents sessions from being started.  I've logged Issue
29 about the temporary state of Logger and what I'd like to do is to
remove CodecDebug to the testresources directory, provide a patch for
enabling debugging in Codec, remove the echo appender and cease
filtering DEBUG level log entries from the log file - basically get
Logger to a ready-for-use state whilst making it easy to make use of the
CodecDebug code for anyone who wants it.
Also, some of the items in issue 30 can be achieved now (remote IP,
local IP/hostname) and I'd like to get a request object up and running
which could provide these (having been filtered and made safe).  This
ties in to the enhancement made to Java's logger for overriding user
specific messages for logging [3] and also to HTTPUtilities.

So I'm thinking I'll do this, if you agree:

Make logger ready-for-use by removing the temporary measures detailed in
issue 29.
Get Logger to use configs instead of the initialisation method in
DefaultLogger.
Create a request wrapper object.
Start HTTPUtilities - particularly the request based methods.
Add some of the items from Issue 30 to log messages.
Finish HTTPUtilities.
Validator refactoring.
Logger enhancements as per Java's logger.

[3] - https://lists.owasp.org/pipermail/esapi-php/2010-March/000643.html

Original comment by jahboite@gmail.com on 14 Apr 2010 at 8:40

GoogleCodeExporter commented 9 years ago
The temporary logging behaviours have been corrected in r726.
Leaving this issue open to remind us about:

Auditor enhancements as per Java's logger
https://lists.owasp.org/pipermail/esapi-php/2010-March/000643.html
and using config files instead of performing all configuration programmatically.

Original comment by jahboite@gmail.com on 20 Apr 2010 at 10:00

GoogleCodeExporter commented 9 years ago
De-allocating all defects to me. 

Original comment by vande...@gmail.com on 14 Jul 2010 at 9:27

GoogleCodeExporter commented 9 years ago
All these issues must be dealt with before 1.0. New issues will be on a case by 
case basis as to whether we hold up 1.0 or not. 

Original comment by vande...@gmail.com on 17 Jun 2011 at 3:36